security-audit-assistant

Conducts lightweight security baseline audits on OpenClaw-managed servers, identifies high-risk SSH/firewall issues, and provides one-click fixes plus compli...

This skill appears to perform the stated local security checks and does not request credentials or external network access, but exercise caution before running on production servers. Specifically: - Test on a single non-production node first: run the audit in report-only mode (do not apply fixes automatically). Verify the generated recommendations are correct for your OS. - Do not run the provided fix commands blindly. Several sed replacement expressions in the packaged fixes are malformed and could corrupt sshd_config or other files and potentially lock you out of SSH. Always create a backup of affected config files (e.g., /etc/ssh/sshd_config.bak) before applying fixes. - Ensure you have console or out-of-band access (serial/console) before applying changes that restart SSH. - The SKILL.md promises "one-click fixes" but the included script only prints commands; confirm whether the skill will ever execute fixes automatically (review the runtime behavior in your OpenClaw environment). The hook permission node:exec means future updates could add auto-fix behavior—review code after updates and restrict scheduling if you don't want automated remediation. - Check OS compatibility: some fixes use apt even when centos/rhel are in supported lists. Confirm package manager commands are appropriate for the target OS before applying. - If you plan to use scheduled audits, review the cron configuration that will be created and ensure reports and any notifications go only where you expect. If you are not comfortable auditing the code yourself, run this only on staging systems or consult a sysadmin to inspect/patch the fix commands (correct sed patterns, add config backups, validate changes, add dry-run and explicit apply flags).

Type: OpenClaw Skill Name: security-audit-assistant Version: 1.0.0 The Security Audit Assistant is a legitimate security tool designed to perform CIS-inspired baseline checks on managed nodes. It uses the 'node:exec' permission to run standard diagnostic commands (e.g., grep, systemctl, stat) and identifies common misconfigurations in SSH, firewalls, and file permissions. The script (scripts/audit.js) provides remediation commands to the user in a report format rather than executing them automatically, and no evidence of data exfiltration, malicious persistence, or obfuscation was found.